ADAL.js auth to Graph with EwsApplicationAccessPolicy enabled - 403

Hi,

I've had a search for EWS white list or EwsApplicationAccessPolicy but not found anything.

I've got an AAD app which I'm authenticating with using ADAL.js to make calls to MS Graph. This has worked fine across several tenants. It has recently been moved to a tenant that has EwsApplicationAccessPolicy white list enabled. What we now see on calls to Graph is the response 403 - Access to OData is disabled. A quick Google reveals this blog post https://blogs.msdn.microsoft.com/wushuai/2017/04/01/how-to-fix-access-to-odata-is-disabled-when-call... where the solution is to add a value to your white list for your app and modify the user-agent in the call to Graph to be set to this value.

The problem is I'm doing all of this client side and, as far as I'm aware, you can't modify the user-agent client side. So we'd have to make the calls from the server side and then call those endpoints. Is this correct? As it seems like a glaring omission from some of the documentation. Like here (https://docs.microsoft.com/en-us/sharepoint/dev/spfx/use-aad-tutorial) on the guide to calling Graph from SP Framework which all occurs client side, this wouldn't work with EwsApplicationAccessPolicy enabled.

Is my understanding on this correct? (i.e. I can't now authenticate/call Graph client side in this scenario). As if so I'll submit a change to some of the docs that describe client side calls to Graph to state that it can't be done with EwsApplicationAccessPolicy enabled without some server side code in the middle.

Thanks,
Adam
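
A sketch of the server-side relay the post describes, added here as an example and not taken from the post or from Microsoft's documentation: the server attaches the allow-listed User-Agent and refuses any path outside a fixed set so the relay cannot be used as an open proxy. It assumes Node 18+ (global `fetch` and `URL`) and that the caller already holds a Graph access token; `ALLOWED_UA`, `ALLOWED_PREFIXES`, `buildGraphRequest` and `relay` are hypothetical names and placeholder values.

```javascript
// Added example: server-side relay for Graph calls (Node 18+).
const GRAPH_ORIGIN = "https://graph.microsoft.com";
// Placeholder: must equal the value entered in the tenant's allow list.
const ALLOWED_UA = "ExampleRelay/1.0";
// Placeholder: the only Graph paths this relay agrees to forward.
const ALLOWED_PREFIXES = ["/v1.0/me/messages", "/v1.0/me/events"];

// Build the outbound request for a path supplied by the browser client.
// Throws instead of forwarding anything outside Graph or the allowed
// prefixes, or a token that is not a well-formed bearer token.
function buildGraphRequest(clientPath, accessToken) {
  if (typeof clientPath !== "string" || !clientPath.startsWith("/") ||
      clientPath.startsWith("//")) {
    throw new Error("path must be origin-relative");
  }
  // URL parsing normalises "../" and backslashes before the checks below.
  const url = new URL(clientPath, GRAPH_ORIGIN);
  if (url.origin !== GRAPH_ORIGIN) throw new Error("origin not allowed");
  const allowed = ALLOWED_PREFIXES.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + "/"));
  if (!allowed) throw new Error("path not allowed");
  // RFC 6750 b64token charset; rejects CR/LF and other header injection.
  if (!/^[A-Za-z0-9._~+\/-]+=*$/.test(accessToken || "")) {
    throw new Error("malformed bearer token");
  }
  return {
    url: url.href,
    options: {
      method: "GET",
      headers: {
        Authorization: "Bearer " + accessToken,
        "User-Agent": ALLOWED_UA, // set server side, where it is not restricted
        Accept: "application/json",
      },
      redirect: "error", // never follow a redirect away from Graph
    },
  };
}

// Forward one request; fetchImpl is injectable so it can be stubbed.
async function relay(clientPath, accessToken, fetchImpl = fetch) {
  const { url, options } = buildGraphRequest(clientPath, accessToken);
  const res = await fetchImpl(url, options);
  return { status: res.status, body: await res.text() };
}
```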

1 Reply
Hi Adam,
From your post, you are calling AAD via the Microsoft Graph API, and not via the Graph Security API (http://graph.microsoft.com/v1.0/security/...) - so this is not the right forum to address your question.
Suggest you refer to the AAD documentation (where you appear to be looking already).
Michael